Detections
Analytics
Alpine: multiple elfutils packages, multiple libelf packages: security update to 0.168-r1 (deprecated)
medium Tenable Self-Hosted Container Security Plugin ID 400581
Description
There are packages installed that are affected by a vulnerability referenced in the following CVE:- An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in
elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application
crash) with a crafted ELF file, as demonstrated by consider_notes. (CVE-2018-18310)
See Also
https://git.alpinelinux.org/aports/commit/?id=40635ea8bac5ac0c8b8f25bbd78c06f6c81eb9ae
https://git.alpinelinux.org/aports/commit/?id=e6866032366ba749f1255724e6ef1114058e9390
Plugin Details
Severity: Medium
ID: 400581
Version: Revision 1.22
Type: Local
Published: 8/16/2023
Updated: 1/17/2024
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.4
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2018-18310
CVSS v3
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 5
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/7/2019
Vulnerability Publication Date: 10/15/2018
Reference Information
CVE: CVE-2018-18310